HATS Legal and Governance Documents
This page provides the complete library of legal, governance, and policy documents published for the HATS (H33 AI Trust Standard) v1.0 conformance standard. These documents define the trust boundaries, certification processes, intellectual property terms, and operational policies that govern the HATS ecosystem. All documents are published by H33.ai, Inc. as the Issuing Authority for HATS v1.0. For the technical standard itself, see the HATS Standard.
Documents are organized by functional category. Each document carries a unique identifier and is maintained under the governance process defined in HATS-GOV-001.
Trust Boundaries
These documents define what HATS certification proves, what it does not prove, and the obligations of parties that rely on HATS artifacts.
| Document | ID | Description |
|---|---|---|
| Reliance Boundary and Liability Limitation | HATS-LEGAL-001 | Defines the scope of permissible reliance on HATS certification, liability caps, insurance underwriting disclaimers, trust assumptions, and failure modes. |
| Product Notice | -- | What HATS certifies, verification guarantees, and the boundary between governance attestation and operational security. |
| Export Control and Cryptography Notice | HATS-LEGAL-005 | Cryptographic algorithms used in HATS, ECCN classification guidance, EAR analysis, Wassenaar Arrangement, EU Dual-Use Regulation, and sanctioned country restrictions. |
Certification Governance
These documents govern how HATS certifications are issued, displayed, maintained, and revoked, and who may perform assessments.
| Document | ID | Description |
|---|---|---|
| Certification Mark and Trademark Usage Policy | HATS-LEGAL-002 | Rules for displaying HATS tier badges, wordmarks, and logos. Mandatory cessation timelines, co-branding restrictions, and enforcement process. |
| Certificate Lifecycle Policy | HATS-LEGAL-003 | Complete lifecycle from application to archival: issuance prerequisites, tier-specific requirements, continuous monitoring, suspension triggers, revocation, appeal, and public registry. |
| Auditor and Assessor Independence Policy | HATS-GOV-006 | Tier-based independence requirements, conflict-of-interest rules, cooling-off periods, assessor qualifications, rotation policies, and enforcement against assessors. |
Standards Process
These documents define how the HATS standard itself is governed, amended, and made available for independent implementation.
| Document | ID | Description |
|---|---|---|
| Standards Governance Model | HATS-GOV-001 | Amendment process, versioning scheme (semantic), freeze/unfreeze lifecycle, deprecation timelines, Technical Review Committee, emergency procedures, and transition to independent governance. |
| Conformance Testing License | HATS-GOV-002 | Worldwide, royalty-free, perpetual license for canonical test vectors. Implementation rights, conformance claim requirements, trademark restrictions, and vector versioning. |
| Technical Specification Overview | -- | 20 verification checks, 8 node types, hash profiles, PQ signature requirements, replay semantics, and conformance levels (Foundation, Comprehensive, Continuous). |
Compliance and Positioning
These documents address how HATS relates to existing regulatory frameworks and how HATS may be described in public communications.
| Document | ID | Description |
|---|---|---|
| Market Positioning | -- | HATS compared to SOC 2, ISO 27001, NIST CSF, and other governance frameworks. Complementary positioning, not replacement. |
| HATS and the EU AI Act | -- | How HATS continuous attestation aligns with EU AI Act transparency, auditability, and risk management requirements. |
| Marketing Claims Policy | HATS-GOV-004 | Approved terms ("HATS-certified," "independently verifiable"), prohibited language ("hack-proof," "replaces SOC 2"), enforcement levels, and press release review process. |
Privacy and Data
These documents address the data processing implications of HATS governance evidence.
| Document | ID | Description |
|---|---|---|
| Data Processing and Privacy Position | HATS-GOV-005 | H33 as processor, customer as controller, data minimization principles, 30-year default retention, GDPR Article 28 compliance, cross-border transfers, breach notification, and DPA availability. |
Verification
These documents govern the independent verification ecosystem and the use of HATS attestation in insurance underwriting.
| Document | ID | Description |
|---|---|---|
| Independent Verifier Policy | HATS-LEGAL-004 | Rights of independent implementors, 100% vector parity conformance requirements, trademark restrictions, patent safe harbor, bug reporting, and compatibility matrix governance. |
| Attested Risk Addendum | -- | How HATS attestation modifies cyber insurance risk assessment, premium structures, and claims adjudication. Framework for integrating continuous governance evidence into underwriting. |
Document Governance
All documents in this library are maintained under the governance process defined in the HATS Standards Governance Model (HATS-GOV-001). Material amendments require public notice periods of 60 to 120 days depending on scope. The Conformance Testing License grants irrevocable, royalty-free rights to test vectors and specification implementation. Questions regarding any document may be directed to standard@h33.ai.
Document library current as of May 17, 2026. HATS v1.0. Published by H33.ai, Inc.
Explore the HATS Standard
Read the full specification, run the conformance suite, or start your attestation deployment.
HATS Standard Conformance Suite